macOS 'Quick Look' exploit could reveal all your encrypted data
macOS 'Quick Look' exploit could reveal all your encrypted data

Quick Look is just one of macOS's handiest features, but one programmer has proven it is also incredibly vulnerable to hacking.

Apple's Quick Look mechanism generates caches thumbnails of files, pictures, folders and other data to provide users quick and effortless access. That's normally what Quick Look does with your files, however a safety researcher called Wojciech Regula recognized the feature is doing the exact same thing with your encrypted data and conserves those mentioned thumbnails into an unencrypted site.

This vulnerability will allow a hacker to capture snippets of initial files, such as those included in containers that are encrypted, by simply rooting out Quick Look's cache of thumbnails.

More speed, more problems

Regula mimicked this type of hack uploading two pictures to two different encrypted containers, one encoded in VeraCrypt and another with macOS Encrypted HFS+/APFS. Using simple controls, the researcher both pictures through their file paths, enabling one to access a tiny version of the first files.

As though seeing thumbnails pictures of your personal images was not bad enough, Regula also showed how the Quick Look's backend may also disclose sensitive documents. Regrettably, Quick Look does a fantastic job of caching any extra drives you may have plugged into your Mac, so files stored on thumb drives or external hard disk drives.

So what do you do? Luckily, users may secure their encoded files by manually draining the Quick Look and unmount their encoded container and Regula notes that Apple has made a utility called 'qlmanage' only for this particular task.

It seems like the ideal method to keep your data protected from Quick Look is to fully divorce it from the Mac -- that is not suitable in any way. So hopefully Apple releases a fix for this vulnerability at a close future macOS upgrade.